For, by Jon Callas, chief technology officer/chief security officer, PGP.
Of course there continues to be innovation in security. Don't confuse not being properly entertained at [various conferences] with no innovation. The face of information security is changing, bringing more innovation than there has ever been before.
The threats that we face today differ substantially from those we faced a few years ago. It is no longer just a question of defending our network against mere website defacement. Now we face criminals stealing our money, data and, most importantly, our identity.
As such, I believe that information security must be ubiquitous — however, it does not necessarily follow that it must be visible, particularly since most people who use technology on a daily basis find visible security policies an annoyance.
The innovations needed to solve new security threats may not be immediately obvious from the outside. However, they're certainly there. In many ways it's a reversal of the old adage: just because something is out of sight, does not mean it's out of mind.
Against, by Axel Tillmann, vice president of marketing and sales, ENIRA, now part of ArcSight.
Real breakthroughs take time and money and there's no abundance of either in today's marketplace. Exponentially increasing hardware costs and investor expectations for fast and high rates of return are making it difficult to innovate in the information security marketplace.
Here's why: The next generation of high-end security products requires intensive ASIC or even proprietary chip implementations. ASIC costs are reaching $40+ million for a development cycle. The price tag for a product that can meet tomorrow's security challenges can quickly add up to $500 million. That's a lot of risk for any company to take on — with no guarantee of a reward.
I don't doubt the innovation will continue. The question is who will fund it? Buyers can take comfort in knowing that there are a lot of boot-strapped companies out there pushing the boundaries of what's new, and many more established companies looking to buy innovation to keep them ahead of the competition. It may just be that consolidation will actually be the new hallmark for innovation!
THREAT OF THE MONTH
What is it?
Nugache-A is a new worm that uses peer-to-peer (P2P) for "Command and Control" to form a botnet. Nugache-A is difficult to stop via standard packet-filtering mechanisms because there is no easy way to identify the specific IP addresses from which it gets commands.
How does it work?
Nugache-A exploits a known vulnerability in unpatched Windows systems. Using unassigned TCP port 8, it establishes connections with previous victims, creating a channel for encrypted instructions to newly infected systems. It can spread via email and file shares. It changes the Windows Firewall to allow traffic on port 8.
Should I be worried?
Nugache-A does not use a pre-defined list of IP addresses from which to receive commands, rendering simple address blocking in gateway firewalls impossible. However, anti-virus signatures will detect it, and the traffic is obvious on port 8. Since no legitimate traffic uses that port, anything on it should be considered malicious.
How can I prevent it?
"Default Deny." Block all outbound and inbound traffic at your firewall by default, then add permit rules. This lets through only the traffic your business requires, neutralizing the effects of Nugache-A and similar malware.
Fred Avolio, director, Risk Intel Team, Cybertrust
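The port 8 observation in the column above can be turned into a log check. This is an added example, not part of the original column: it scans firewall log lines, assumed here to follow the Windows Firewall log field order, and reports each internal host seen on TCP port 8 together with its peers. The sample lines, the addresses and the `10.` internal prefix are constructed for illustration.

```python
from collections import defaultdict

NUGACHE_PORT = "8"  # TCP port named in the column above

# Constructed sample. Field order assumed to match the Windows Firewall log:
# date time action protocol src-ip dst-ip src-port dst-port size ...
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-05-02 10:14:03 ALLOW TCP 10.0.0.23 198.51.100.7 1045 8 48 S 0 0 65535 - - - SEND
2006-05-02 10:14:09 ALLOW TCP 10.0.0.23 203.0.113.50 1046 8 48 S 0 0 65535 - - - SEND
2006-05-02 10:15:30 ALLOW TCP 192.0.2.99 10.0.0.23 2210 8 48 S 0 0 65535 - - - RECEIVE
2006-05-02 10:16:00 ALLOW TCP 10.0.0.40 198.51.100.80 1050 80 48 S 0 0 65535 - - - SEND
2006-05-02 10:16:05 ALLOW UDP 10.0.0.40 10.0.0.1 1051 8 60 - - - - - - - SEND
2006-05-02 10:17:11 DROP TCP 10.0.0.41 198.51.100.7 1060 8 48 S 0 0 65535 - - - SEND
"""

def find_port8_hosts(log_text, internal_prefix="10."):
    """Map each internal host seen on TCP port 8 to its peers and allow/drop counts."""
    hits = defaultdict(lambda: {"peers": set(), "allowed": 0, "dropped": 0})
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or header
        f = line.split()
        if len(f) < 8:
            continue  # truncated or malformed entry
        action, proto, src, dst, sport, dport = f[2:8]
        if action not in ("ALLOW", "DROP") or proto != "TCP":
            continue
        if NUGACHE_PORT not in (sport, dport):
            continue  # exact match, so port 80 or 8080 is not flagged
        # The internal endpoint is the suspect; the other side is a P2P peer.
        host, peer = (src, dst) if src.startswith(internal_prefix) else (dst, src)
        rec = hits[host]
        rec["peers"].add(peer)
        rec["allowed" if action == "ALLOW" else "dropped"] += 1
    return dict(hits)

if __name__ == "__main__":
    for host, rec in sorted(find_port8_hosts(SAMPLE_LOG).items()):
        print(host, "peers:", sorted(rec["peers"]),
              "allowed:", rec["allowed"], "dropped:", rec["dropped"])
```

A host with allowed port 8 connections to several unrelated peers fits the P2P pattern the column describes; a host with only dropped entries shows the default-deny rule doing its job but still needs cleaning.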